From 4840d9e0e1c753ccd7b59cce4aee159edd70bc62 Mon Sep 17 00:00:00 2001 
From: Adrien Date: Wed, 22 Apr 2020 16:38:35 +0200 Subject: [PATCH] Add DigitalOcean storage --- bin/gen_list.sh | 16 +++ defaults/main.yml | 3 +- ...o-attacher-binding-ClusterRoleBinding.yaml | 13 +++ .../csi-do-attacher-role-ClusterRole.yaml | 19 ++++ .../csi-do-controller-StatefulSet.yaml | 98 +++++++++++++++++++ .../csi-do-controller-sa-ServiceAccount.yaml | 7 ++ files/digitalocean/csi-do-node-DaemonSet.yaml | 92 +++++++++++++++++ ...-registrar-binding-ClusterRoleBinding.yaml | 13 +++ ...ode-driver-registrar-role-ClusterRole.yaml | 11 +++ .../csi-do-node-sa-ServiceAccount.yaml | 7 ++ ...rovisioner-binding-ClusterRoleBinding.yaml | 14 +++ .../csi-do-provisioner-role-ClusterRole.yaml | 33 +++++++ ...do-resizer-binding-ClusterRoleBinding.yaml | 14 +++ .../csi-do-resizer-role-ClusterRole.yaml | 20 ++++ ...napshotter-binding-ClusterRoleBinding.yaml | 13 +++ .../csi-do-snapshotter-role-ClusterRole.yaml | 37 +++++++ .../do-block-storage-StorageClass.yaml | 9 ++ .../do-block-storage-VolumeSnapshotClass.yaml | 8 ++ .../dobs.csi.digitalocean.com-CSIDriver.yaml | 34 +++++++ ...orage.k8s.io-CustomResourceDefinition.yaml | 28 ++++++ ...orage.k8s.io-CustomResourceDefinition.yaml | 13 +++ ...orage.k8s.io-CustomResourceDefinition.yaml | 15 +++ tasks/digital_ocean.yml | 55 +++++++++++ tasks/main.yml | 16 +++ 24 files changed, 587 insertions(+), 1 deletion(-) create mode 100644 files/digitalocean/csi-do-attacher-binding-ClusterRoleBinding.yaml create mode 100644 files/digitalocean/csi-do-attacher-role-ClusterRole.yaml create mode 100644 files/digitalocean/csi-do-controller-StatefulSet.yaml create mode 100644 files/digitalocean/csi-do-controller-sa-ServiceAccount.yaml create mode 100644 files/digitalocean/csi-do-node-DaemonSet.yaml create mode 100644 files/digitalocean/csi-do-node-driver-registrar-binding-ClusterRoleBinding.yaml create mode 100644 files/digitalocean/csi-do-node-driver-registrar-role-ClusterRole.yaml create mode 100644 
files/digitalocean/csi-do-node-sa-ServiceAccount.yaml create mode 100644 files/digitalocean/csi-do-provisioner-binding-ClusterRoleBinding.yaml create mode 100644 files/digitalocean/csi-do-provisioner-role-ClusterRole.yaml create mode 100644 files/digitalocean/csi-do-resizer-binding-ClusterRoleBinding.yaml create mode 100644 files/digitalocean/csi-do-resizer-role-ClusterRole.yaml create mode 100644 files/digitalocean/csi-do-snapshotter-binding-ClusterRoleBinding.yaml create mode 100644 files/digitalocean/csi-do-snapshotter-role-ClusterRole.yaml create mode 100644 files/digitalocean/do-block-storage-StorageClass.yaml create mode 100644 files/digitalocean/do-block-storage-VolumeSnapshotClass.yaml create mode 100644 files/digitalocean/dobs.csi.digitalocean.com-CSIDriver.yaml create mode 100644 files/digitalocean/volumesnapshotclasses.snapshot.storage.k8s.io-CustomResourceDefinition.yaml create mode 100644 files/digitalocean/volumesnapshotcontents.snapshot.storage.k8s.io-CustomResourceDefinition.yaml create mode 100644 files/digitalocean/volumesnapshots.snapshot.storage.k8s.io-CustomResourceDefinition.yaml create mode 100644 tasks/digital_ocean.yml diff --git a/bin/gen_list.sh b/bin/gen_list.sh index 81eab89..6e9ccee 100755 --- a/bin/gen_list.sh +++ b/bin/gen_list.sh @@ -1,4 +1,9 @@ #!/usr/bin/env bash + +# +# Run from files directory +# + wget https://raw.githubusercontent.com/rancher/local-path-provisioner/master/deploy/local-path-storage.yaml kubernetes-split-yaml local-path-storage.yaml > generated.log mv local{,.old} 
@@ -21,3 +26,14 @@ mv generated linode cat generated.log | while read LIGNE; do if [ $(echo "${LIGNE}" | grep -c ^File) -eq 1 ]; then echo -n "${LIGNE} "; else echo "${LIGNE}"; fi; done | grep ^File | sort -V | sed 's|.*\(generated/\)\(.*\.yaml\)| - "linode/\2"|' sed -e /is-default-class/d -e /annotations/d -i linode/linode-block-storage-StorageClass.yaml rm -fr linode.old generated.log linode-blockstorage-csi-driver.yaml + + +wget https://raw.githubusercontent.com/digitalocean/csi-digitalocean/master/deploy/kubernetes/releases/csi-digitalocean-latest.yaml +kubernetes-split-yaml csi-digitalocean-latest.yaml > generated.log +mv digitalocean{,.old} +mv generated digitalocean +cat generated.log | while read LIGNE; do if [ $(echo "${LIGNE}" | grep -c ^File) -eq 1 ]; then echo -n "${LIGNE} "; else echo "${LIGNE}"; fi; done | grep ^File | sort -V | sed 's|.*\(generated/\)\(.*\.yaml\)| - "digitalocean/\2"|' +for i in do-block-storage-StorageClass.yaml do-block-storage-VolumeSnapshotClass.yaml; do + sed -e /is-default-class/d -e /annotations/d -i digitalocean/"$i" +done +rm -fr digitalocean.old generated.log csi-digitalocean-latest.yaml diff --git a/defaults/main.yml b/defaults/main.yml index ca691a2..835eec3 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,6 +1,7 @@ my_context: minikube storage_localpath: true storage_linode: false +storage_digitalocean: false -# local-path, linode-block-storage, linode-block-storage-retain +# local-path, linode-block-storage, linode-block-storage-retain, do-block-storage storage_default_storageclass: local-path \ No newline at end of file diff --git a/files/digitalocean/csi-do-attacher-binding-ClusterRoleBinding.yaml b/files/digitalocean/csi-do-attacher-binding-ClusterRoleBinding.yaml new file mode 100644 index 0000000..8087265 --- /dev/null +++ b/files/digitalocean/csi-do-attacher-binding-ClusterRoleBinding.yaml 
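Review bot: The added `wget` in bin/gen_list.sh pulls `csi-digitalocean-latest.yaml` from the `master` branch with no pinned tag and no integrity check, so each regeneration can silently change the RBAC rules, images and privileged DaemonSet that this role applies to `kube-system`. The manifests generated from it in this commit run `digitalocean/do-csi-plugin:dev` with `imagePullPolicy: "Always"`, and the vendored CSIDriver file's own header says it is for development use only. Fetch a tagged release manifest instead and verify it against a recorded digest before splitting, e.g. `sha256sum -c csi-digitalocean.sha256` (file name constructed for this note). That keeps the vendored files reproducible and makes upstream changes show up as a reviewable diff.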
@@ -0,0 +1,13 @@ +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-do-attacher-binding +subjects: + - kind: ServiceAccount + name: csi-do-controller-sa + namespace: kube-system +roleRef: + kind: ClusterRole + name: csi-do-attacher-role + apiGroup: rbac.authorization.k8s.io + diff --git a/files/digitalocean/csi-do-attacher-role-ClusterRole.yaml b/files/digitalocean/csi-do-attacher-role-ClusterRole.yaml new file mode 100644 index 0000000..cff0c20 --- /dev/null +++ b/files/digitalocean/csi-do-attacher-role-ClusterRole.yaml @@ -0,0 +1,19 @@ +# Attacher must be able to work with PVs, nodes and VolumeAttachments +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-do-attacher-role +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["csinodes"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update", "patch"] + diff --git a/files/digitalocean/csi-do-controller-StatefulSet.yaml b/files/digitalocean/csi-do-controller-StatefulSet.yaml new file mode 100644 index 0000000..2ae0d52 --- /dev/null +++ b/files/digitalocean/csi-do-controller-StatefulSet.yaml 
@@ -0,0 +1,98 @@ + +############################################## +########### ############ +########### Controller plugin ############ +########### ############ +############################################## + +kind: StatefulSet +apiVersion: apps/v1 +metadata: + name: csi-do-controller + namespace: kube-system +spec: + serviceName: "csi-do" + selector: + matchLabels: + app: csi-do-controller + replicas: 1 + template: + metadata: + labels: + app: csi-do-controller + role: csi-do + spec: + priorityClassName: system-cluster-critical + serviceAccount: csi-do-controller-sa + containers: + - name: csi-provisioner + image: quay.io/k8scsi/csi-provisioner:v1.4.0 + args: + - "--csi-address=$(ADDRESS)" + - "--v=5" + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + imagePullPolicy: "IfNotPresent" + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: csi-attacher + image: quay.io/k8scsi/csi-attacher:v2.0.0 + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + imagePullPolicy: "IfNotPresent" + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: csi-snapshotter + image: quay.io/k8scsi/csi-snapshotter:v1.2.2 + args: + - "--csi-address=$(ADDRESS)" + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + imagePullPolicy: IfNotPresent + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: csi-resizer + image: quay.io/k8scsi/csi-resizer:v0.3.0 + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + - "--csiTimeout=30s" + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + imagePullPolicy: "IfNotPresent" + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: csi-do-plugin + image: digitalocean/do-csi-plugin:dev + args : + - "--endpoint=$(CSI_ENDPOINT)" + - 
"--token=$(DIGITALOCEAN_ACCESS_TOKEN)" + - "--url=$(DIGITALOCEAN_API_URL)" + env: + - name: CSI_ENDPOINT + value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock + - name: DIGITALOCEAN_API_URL + value: https://api.digitalocean.com/ + - name: DIGITALOCEAN_ACCESS_TOKEN + valueFrom: + secretKeyRef: + name: digitalocean + key: access-token + imagePullPolicy: "Always" + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + volumes: + - name: socket-dir + emptyDir: {} diff --git a/files/digitalocean/csi-do-controller-sa-ServiceAccount.yaml b/files/digitalocean/csi-do-controller-sa-ServiceAccount.yaml new file mode 100644 index 0000000..b3bbbfd --- /dev/null +++ b/files/digitalocean/csi-do-controller-sa-ServiceAccount.yaml @@ -0,0 +1,7 @@ + +kind: ServiceAccount +apiVersion: v1 +metadata: + name: csi-do-controller-sa + namespace: kube-system + diff --git a/files/digitalocean/csi-do-node-DaemonSet.yaml b/files/digitalocean/csi-do-node-DaemonSet.yaml new file mode 100644 index 0000000..232349b --- /dev/null +++ b/files/digitalocean/csi-do-node-DaemonSet.yaml 
@@ -0,0 +1,92 @@ + +######################################## +########### ############ +########### Node plugin ############ +########### ############ +######################################## + +kind: DaemonSet +apiVersion: apps/v1 +metadata: + name: csi-do-node + namespace: kube-system +spec: + selector: + matchLabels: + app: csi-do-node + template: + metadata: + labels: + app: csi-do-node + role: csi-do + spec: + priorityClassName: system-node-critical + serviceAccount: csi-do-node-sa + hostNetwork: true + containers: + - name: csi-node-driver-registrar + image: quay.io/k8scsi/csi-node-driver-registrar:v1.1.0 + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + - "--kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)" + lifecycle: + preStop: + exec: + command: ["/bin/sh", "-c", "rm -rf /registration/dobs.csi.digitalocean.com /registration/dobs.csi.digitalocean.com-reg.sock"] + env: + - name: ADDRESS + value: /csi/csi.sock + - name: DRIVER_REG_SOCK_PATH + value: /var/lib/kubelet/plugins/dobs.csi.digitalocean.com/csi.sock + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + volumeMounts: + - name: plugin-dir + mountPath: /csi/ + - name: registration-dir + mountPath: /registration/ + - name: csi-do-plugin + image: digitalocean/do-csi-plugin:dev + args : + - "--endpoint=$(CSI_ENDPOINT)" + - "--url=$(DIGITALOCEAN_API_URL)" + env: + - name: CSI_ENDPOINT + value: unix:///csi/csi.sock + - name: DIGITALOCEAN_API_URL + value: https://api.digitalocean.com/ + imagePullPolicy: "Always" + securityContext: + privileged: true + capabilities: + add: ["SYS_ADMIN"] + allowPrivilegeEscalation: true + volumeMounts: + - name: plugin-dir + mountPath: /csi + - name: pods-mount-dir + mountPath: /var/lib/kubelet + # needed so that any mounts setup inside this container are + # propagated back to the host machine. 
+ mountPropagation: "Bidirectional" + - name: device-dir + mountPath: /dev + volumes: + - name: registration-dir + hostPath: + path: /var/lib/kubelet/plugins_registry/ + type: DirectoryOrCreate + - name: plugin-dir + hostPath: + path: /var/lib/kubelet/plugins/dobs.csi.digitalocean.com + type: DirectoryOrCreate + - name: pods-mount-dir + hostPath: + path: /var/lib/kubelet + type: Directory + - name: device-dir + hostPath: + path: /dev diff --git a/files/digitalocean/csi-do-node-driver-registrar-binding-ClusterRoleBinding.yaml b/files/digitalocean/csi-do-node-driver-registrar-binding-ClusterRoleBinding.yaml new file mode 100644 index 0000000..5891ba7 --- /dev/null +++ b/files/digitalocean/csi-do-node-driver-registrar-binding-ClusterRoleBinding.yaml @@ -0,0 +1,13 @@ + +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-do-node-driver-registrar-binding +subjects: + - kind: ServiceAccount + name: csi-do-node-sa + namespace: kube-system +roleRef: + kind: ClusterRole + name: csi-do-node-driver-registrar-role + apiGroup: rbac.authorization.k8s.io diff --git a/files/digitalocean/csi-do-node-driver-registrar-role-ClusterRole.yaml b/files/digitalocean/csi-do-node-driver-registrar-role-ClusterRole.yaml new file mode 100644 index 0000000..a284dc6 --- /dev/null +++ b/files/digitalocean/csi-do-node-driver-registrar-role-ClusterRole.yaml @@ -0,0 +1,11 @@ + +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-do-node-driver-registrar-role + namespace: kube-system +rules: + - apiGroups: [""] + resources: ["events"] + verbs: ["get", "list", "watch", "create", "update", "patch"] + diff --git a/files/digitalocean/csi-do-node-sa-ServiceAccount.yaml b/files/digitalocean/csi-do-node-sa-ServiceAccount.yaml new file mode 100644 index 0000000..c1174bc --- /dev/null +++ b/files/digitalocean/csi-do-node-sa-ServiceAccount.yaml 
@@ -0,0 +1,7 @@ + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: csi-do-node-sa + namespace: kube-system + diff --git a/files/digitalocean/csi-do-provisioner-binding-ClusterRoleBinding.yaml b/files/digitalocean/csi-do-provisioner-binding-ClusterRoleBinding.yaml new file mode 100644 index 0000000..11c7f54 --- /dev/null +++ b/files/digitalocean/csi-do-provisioner-binding-ClusterRoleBinding.yaml @@ -0,0 +1,14 @@ + +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-do-provisioner-binding +subjects: + - kind: ServiceAccount + name: csi-do-controller-sa + namespace: kube-system +roleRef: + kind: ClusterRole + name: csi-do-provisioner-role + apiGroup: rbac.authorization.k8s.io + diff --git a/files/digitalocean/csi-do-provisioner-role-ClusterRole.yaml b/files/digitalocean/csi-do-provisioner-role-ClusterRole.yaml new file mode 100644 index 0000000..d2de05b --- /dev/null +++ b/files/digitalocean/csi-do-provisioner-role-ClusterRole.yaml @@ -0,0 +1,33 @@ +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-do-provisioner-role +rules: + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["csinodes"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots"] + verbs: ["get", "list"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch"] + 
diff --git a/files/digitalocean/csi-do-resizer-binding-ClusterRoleBinding.yaml b/files/digitalocean/csi-do-resizer-binding-ClusterRoleBinding.yaml new file mode 100644 index 0000000..0a69f53 --- /dev/null +++ b/files/digitalocean/csi-do-resizer-binding-ClusterRoleBinding.yaml @@ -0,0 +1,14 @@ + +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-do-resizer-binding +subjects: + - kind: ServiceAccount + name: csi-do-controller-sa + namespace: kube-system +roleRef: + kind: ClusterRole + name: csi-do-resizer-role + apiGroup: rbac.authorization.k8s.io + diff --git a/files/digitalocean/csi-do-resizer-role-ClusterRole.yaml b/files/digitalocean/csi-do-resizer-role-ClusterRole.yaml new file mode 100644 index 0000000..14d520e --- /dev/null +++ b/files/digitalocean/csi-do-resizer-role-ClusterRole.yaml @@ -0,0 +1,20 @@ + +# Resizer must be able to work with PVCs, PVs, SCs. +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-do-resizer-role +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims/status"] + verbs: ["update", "patch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + diff --git a/files/digitalocean/csi-do-snapshotter-binding-ClusterRoleBinding.yaml b/files/digitalocean/csi-do-snapshotter-binding-ClusterRoleBinding.yaml new file mode 100644 index 0000000..29638e3 --- /dev/null +++ b/files/digitalocean/csi-do-snapshotter-binding-ClusterRoleBinding.yaml 
@@ -0,0 +1,13 @@ +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-do-snapshotter-binding +subjects: + - kind: ServiceAccount + name: csi-do-controller-sa + namespace: kube-system +roleRef: + kind: ClusterRole + name: csi-do-snapshotter-role + apiGroup: rbac.authorization.k8s.io + diff --git a/files/digitalocean/csi-do-snapshotter-role-ClusterRole.yaml b/files/digitalocean/csi-do-snapshotter-role-ClusterRole.yaml new file mode 100644 index 0000000..75e5f3c --- /dev/null +++ b/files/digitalocean/csi-do-snapshotter-role-ClusterRole.yaml @@ -0,0 +1,37 @@ + +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-do-snapshotter-role +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["create", "get", "list", "watch", "update", "delete"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots/status"] + verbs: ["update"] + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["create", "list", "watch", "delete", "get", "update"] + diff --git a/files/digitalocean/do-block-storage-StorageClass.yaml b/files/digitalocean/do-block-storage-StorageClass.yaml new file mode 100644 index 0000000..4e0feab --- /dev/null 
+++ b/files/digitalocean/do-block-storage-StorageClass.yaml @@ -0,0 +1,9 @@ + +kind: StorageClass +apiVersion: storage.k8s.io/v1 +metadata: + name: do-block-storage + namespace: kube-system +provisioner: dobs.csi.digitalocean.com +allowVolumeExpansion: true + diff --git a/files/digitalocean/do-block-storage-VolumeSnapshotClass.yaml b/files/digitalocean/do-block-storage-VolumeSnapshotClass.yaml new file mode 100644 index 0000000..af20b64 --- /dev/null +++ b/files/digitalocean/do-block-storage-VolumeSnapshotClass.yaml @@ -0,0 +1,8 @@ + +kind: VolumeSnapshotClass +apiVersion: snapshot.storage.k8s.io/v1alpha1 +metadata: + name: do-block-storage + namespace: kube-system +snapshotter: dobs.csi.digitalocean.com + diff --git a/files/digitalocean/dobs.csi.digitalocean.com-CSIDriver.yaml b/files/digitalocean/dobs.csi.digitalocean.com-CSIDriver.yaml new file mode 100644 index 0000000..e683f48 --- /dev/null +++ b/files/digitalocean/dobs.csi.digitalocean.com-CSIDriver.yaml 
@@ -0,0 +1,34 @@ +# Copyright 2020 DigitalOcean +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Configuration to deploy release version of the CSI DigitalOcean +# plugin (https://github.com/digitalocean/csi-digitalocean) compatible with +# Kubernetes >=v1.14+ +# +# example usage: kubectl create -f +# + +# This file is only for development use. Do not use in production. + +# Install the CSI Driver. This simplifies driver discovery and enables us to +# customize Kubernetes behavior +# https://kubernetes-csi.github.io/docs/csi-driver-object.html +apiVersion: storage.k8s.io/v1beta1 +kind: CSIDriver +metadata: + name: dobs.csi.digitalocean.com +spec: + attachRequired: true + podInfoOnMount: true + diff --git a/files/digitalocean/volumesnapshotclasses.snapshot.storage.k8s.io-CustomResourceDefinition.yaml b/files/digitalocean/volumesnapshotclasses.snapshot.storage.k8s.io-CustomResourceDefinition.yaml new file mode 100644 index 0000000..f322cbf --- /dev/null +++ b/files/digitalocean/volumesnapshotclasses.snapshot.storage.k8s.io-CustomResourceDefinition.yaml 
@@ -0,0 +1,28 @@ + +############################################## +########### ############ +########### Snapshot CRDs ############ +########### ############ +############################################## +# +# The following CRD's are created by the csi-snapshotter, however it +# complicates installing a driver, because we're not able to install a custom +# VolumeSnapshotClass until the csi-snapshotter sidecar is up and running. We +# pulled out the CRD's and put them here to simplify the installation for the +# users. Make sure these are up to date with the original ones whenever we +# release a new version: https://github.com/kubernetes-csi/external-snapshotter/blob/master/cmd/csi-snapshotter/create_crd.go + +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: volumesnapshotclasses.snapshot.storage.k8s.io +spec: + group: snapshot.storage.k8s.io + names: + kind: VolumeSnapshotClass + plural: volumesnapshotclasses + scope: Cluster + version: v1alpha1 + subresources: + status: {} + diff --git a/files/digitalocean/volumesnapshotcontents.snapshot.storage.k8s.io-CustomResourceDefinition.yaml b/files/digitalocean/volumesnapshotcontents.snapshot.storage.k8s.io-CustomResourceDefinition.yaml new file mode 100644 index 0000000..1bec611 --- /dev/null +++ b/files/digitalocean/volumesnapshotcontents.snapshot.storage.k8s.io-CustomResourceDefinition.yaml @@ -0,0 +1,13 @@ + +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: volumesnapshotcontents.snapshot.storage.k8s.io +spec: + group: snapshot.storage.k8s.io + names: + kind: VolumeSnapshotContent + plural: volumesnapshotcontents + scope: Cluster + version: v1alpha1 + diff --git a/files/digitalocean/volumesnapshots.snapshot.storage.k8s.io-CustomResourceDefinition.yaml b/files/digitalocean/volumesnapshots.snapshot.storage.k8s.io-CustomResourceDefinition.yaml new file mode 100644 index 0000000..736ae2b --- /dev/null 
+++ b/files/digitalocean/volumesnapshots.snapshot.storage.k8s.io-CustomResourceDefinition.yaml @@ -0,0 +1,15 @@ + +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: volumesnapshots.snapshot.storage.k8s.io +spec: + group: snapshot.storage.k8s.io + names: + kind: VolumeSnapshot + plural: volumesnapshots + scope: Namespaced + version: v1alpha1 + subresources: + status: {} + diff --git a/tasks/digital_ocean.yml b/tasks/digital_ocean.yml new file mode 100644 index 0000000..7124c9b --- /dev/null +++ b/tasks/digital_ocean.yml 
@@ -0,0 +1,55 @@
+---
+# https://github.com/digitalocean/csi-digitalocean
+ - name: Defined digitalocean-storage state to present
+ set_fact:
+ storage_digitalocean_state: present
+ when:
+ - storage_digitalocean|bool
+
+ - name: find state of digitalocean-storage
+ set_fact:
+ storage_digitalocean_state: absent
+ when:
+ - not storage_digitalocean|bool
+
+ - name: Add secret for DigitalOcean Access Key
+ k8s:
+ state: "{{ storage_digitalocean_state }}"
+ context: "{{ my_context }}"
+ definition:
+ apiVersion: v1
+ kind: Secret
+ metadata:
+ name: digitalocean
+ namespace: kube-system
+ type: Opaque
+ stringData:
+ access-token: "{{ digitalocean_token }}"
+
+ - name: digitalocean-storage need to be {{ storage_linode_state }}
+ k8s:
+ state: "{{ storage_digitalocean_state }}"
+ context: "{{ my_context }}"
+ merge_type: merge
+ resource_definition: "{{ lookup('file', item) | from_yaml }}"
+ with_items:
+ - "digitalocean/dobs.csi.digitalocean.com-CSIDriver.yaml"
+ - "digitalocean/volumesnapshotclasses.snapshot.storage.k8s.io-CustomResourceDefinition.yaml"
+ - "digitalocean/volumesnapshotcontents.snapshot.storage.k8s.io-CustomResourceDefinition.yaml"
+ - "digitalocean/volumesnapshots.snapshot.storage.k8s.io-CustomResourceDefinition.yaml"
+ - "digitalocean/do-block-storage-VolumeSnapshotClass.yaml"
+ - "digitalocean/do-block-storage-StorageClass.yaml"
+ - "digitalocean/csi-do-controller-StatefulSet.yaml"
+ - "digitalocean/csi-do-controller-sa-ServiceAccount.yaml"
+ - "digitalocean/csi-do-provisioner-role-ClusterRole.yaml"
+ - "digitalocean/csi-do-provisioner-binding-ClusterRoleBinding.yaml"
+ - "digitalocean/csi-do-attacher-role-ClusterRole.yaml"
+ - "digitalocean/csi-do-attacher-binding-ClusterRoleBinding.yaml"
+ - "digitalocean/csi-do-snapshotter-role-ClusterRole.yaml"
+ - "digitalocean/csi-do-snapshotter-binding-ClusterRoleBinding.yaml"
+ - "digitalocean/csi-do-resizer-role-ClusterRole.yaml"
+ - "digitalocean/csi-do-resizer-binding-ClusterRoleBinding.yaml"
+ - "digitalocean/csi-do-node-DaemonSet.yaml"
+ - "digitalocean/csi-do-node-sa-ServiceAccount.yaml"
+ - "digitalocean/csi-do-node-driver-registrar-role-ClusterRole.yaml"
+ - "digitalocean/csi-do-node-driver-registrar-binding-ClusterRoleBinding.yaml"
diff --git a/tasks/main.yml b/tasks/main.yml index 7b4d3ad..5249cff 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -1,6 +1,7 @@ - name: Local Path setup block: - include_tasks: "local.yml" + - include_tasks: "digital_ocean.yml" - include_tasks: "linode.yml" - name: Select the default StorageClass @@ -16,3 +17,18 @@ storageclass.kubernetes.io/is-default-class: "true" when: - storage_default_storageclass is defined + + - name: Select the default VolumeSnapshotClass + k8s: + state: present + context: "{{ my_context }}" + definition: + apiVersion: v1 + kind: VolumeSnapshotClass + metadata: + name: "{{ storage_default_storageclass }}" + annotations: + snapshot.storage.kubernetes.io/is-default-class: "true" + when: + - storage_default_storageclass is defined + - storage_default_storageclass == "do-block-storage"
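Review bot: The task `Add secret for DigitalOcean Access Key` in tasks/digital_ocean.yml templates `digitalocean_token` into the module arguments without `no_log: true`, so the API token can appear in Ansible output and logs at higher verbosity or when the task fails. Add `no_log: true` to that task. The task has no `when`, so it is also evaluated when `storage_digitalocean` is false, and this commit adds no default for `digitalocean_token` in defaults/main.yml. The role therefore presumably fails on an undefined variable for users who never enabled DigitalOcean; a documented default or an `assert` with a clear message would make the requirement explicit. The last task's name interpolates `storage_linode_state`, which looks like a copy-paste slip for `storage_digitalocean_state`.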
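Review bot: The new `Select the default VolumeSnapshotClass` task in tasks/main.yml declares `apiVersion: v1`, but the VolumeSnapshotClass added by this commit is `snapshot.storage.k8s.io/v1alpha1`. The k8s module will most likely fail to resolve that kind in the core API group; use `apiVersion: snapshot.storage.k8s.io/v1alpha1`. The `when` list also does not check `storage_digitalocean`, so with `state: present` the task would try to create a VolumeSnapshotClass without a `snapshotter` field on a cluster where the driver was never installed. Adding `- storage_digitalocean | bool` to the conditions would keep it tied to the driver install.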